- January 2026 noticed 16 crypto hacks totaling $86.01M, up 13.25% from December however barely decrease than January 2025.
- Phishing losses exceeded $300M in January, far surpassing protocol hack losses throughout the crypto sector.
- The most important January hack hit Step Finance at $28.9M, adopted by Truebit Protocol at $26.4M.
In January 2026, the crypto sector recorded a pointy distinction between protocol breaches and user-focused assaults.
Technical exploits brought on $86.01 million in losses, whereas phishing and social engineering exceeded $300 million. The info factors to a shift in assault strategies, with criminals more and more focusing on people fairly than sensible contracts.
January 2026 Crypto Hack Overview
The $86.01 million misplaced to hacks got here from 16 separate incidents throughout January 2026. This determine marked a 13.25% enhance from December 2025, when losses totaled $75.95 million. Nonetheless, it confirmed a slight 1.42% decline in comparison with January 2025, which recorded $87.25 million.
#PeckShieldAlert In Jan. 2026, the crypto area noticed 16 hacks totaling $86.01M in losses, representing a slight 1.42% YoY lower in comparison with Jan. 2025 ($87.25M) however a notable 13.25% MoM surge from Dec. 2025 ($75.95M).
In the meantime, #phishing stays staggering with losses… pic.twitter.com/pxugbsPcZ7
— PeckShieldAlert (@PeckShieldAlert) February 1, 2026
A lot of the January incidents concerned protocol or treasury vulnerabilities. These assaults centered on code weaknesses or entry management failures. Losses have been concentrated amongst a small variety of initiatives fairly than unfold throughout the sector.
Safety companies monitoring blockchain exploits famous that assault frequency remained steady. Nonetheless, the worth of particular person incidents elevated in comparison with late 2025. This sample instructed that attackers have been deciding on higher-value targets.
Largest Protocol Breaches by Worth
Step Finance recorded the most important loss in January, totaling $28.9 million. The funds have been taken from a treasury breach that affected inside controls. The mission later confirmed the incident and commenced inside critiques.
Truebit Protocol adopted with losses of $26.4 million on January 9. The exploit triggered a pointy token worth drop shortly after disclosure. Buying and selling exercise slowed as exchanges assessed the state of affairs.
SwapNet reported losses of $13.3 million from a contract exploit. Saga, also called Sagaxyz, misplaced $7 million throughout the identical interval. Makinafi skilled a $4.13 million breach, though about $2.7 million was later recovered.
These incidents confirmed that protocol dangers remained current. Nonetheless, their mixed worth remained far beneath losses from social engineering assaults throughout the month.
Phishing and Social Engineering Losses Surge
Phishing losses in January exceeded $300 million, far surpassing protocol-related thefts. Most instances concerned focused campaigns fairly than broad e mail scams. Attackers used direct contact strategies and trusted platforms.
The most important single loss occurred on January 10, 2026. One sufferer misplaced over $282 million in Bitcoin and Litecoin. The theft adopted a {hardware} pockets social engineering scheme that used impersonation and false safety prompts.
Safety analysts noticed elevated use of deep faux audio and video. Attackers additionally relied on AI-generated messages to look professional. These ways diminished suspicion and elevated success charges.
Broader Context From 2025
The January figures adopted a 12 months of heavy losses in 2025. Complete crypto theft exceeded $3.4 billion throughout that 12 months. A significant portion got here from the $1.5 billion Bybit breach in February 2025.
Authorities recovered or froze about $334.9 million in stolen funds in 2025. This restoration charge was decrease than in earlier years. Regulation enforcement cited cross-border points and quick fund motion.
Latest campaigns additionally used *.vercel.app domains to ship malicious instruments. These domains helped bypass filters and unfold distant entry software program. Safety groups warned that these strategies would stay lively in early 2026.